Report: Russian arrests allegedly tied to passing hacking information to U.S.

The U.S.-Russia hacking intrigue didn't end with the new year. Four new reported arrests add a new layer of questions to the whirlwind of 2016 election hacking.

A day after it was revealed that two Russian cybersecurity experts had been arrested on treason charges, Russian media is reporting that the total number of arrests is four: including Sergei Mikhailov, the top cybersecurity officer in Russia’s Federal Security Service.

The arrests include Mikhailov, Dmitry Dokuchaev, who was in Mikhailov’s FSB unit; Ruslan Stoyanov, the lead cybercrime investigator at Kaspersky Labs; and an unidentified fourth suspect.

The independent newspaper Novaya Gazeta (New Gazette) reported that the FSB thinks Mikhailov gave information to Americans about Vladimir Fomenko, who owns a server rental company known as King Servers. The company was identified in September by Arlington, Va.-based ThreatConnect as the manager of an “information nexus” used by hackers attacking institutions across the western world, including election systems in Arizona and Illinois in 2016.

The Russian government is still staying silent on the issue, so it’s extremely difficult to parse the exact details and timeline beyond anonymously-sourced media reports. The Moscow Times — an English-language weekly newspaper based in Moscow — suggests the arrests took place this week, while previous reports said the arrests took place in December.


Fomenko spoke to the New York Times last year, denying knowledge of hackers using his servers:

On Sept. 15, Mr. Fomenko issued a statement saying that he had learned belatedly from news reports of the accusation that the hacking of the Arizona and Illinois voting systems were staged from two of his servers, and that he had shut them down. Mr. Fomenko does not deny that hackers used his servers, but does deny knowing that they did until Sept. 15. He says he does not know who they are, but that they are certainly not the Russian security agencies.

“The analysis of the internal data allows King Services to confidently refute any conclusions about the involvement of the Russian special services in this attack,” he said in his statement. But then, apparently striking a sarcastic tone, he said he would send a bill to Mr. Trump and Mr. Putin for server rent left unpaid by the hackers.

New reports from Kommersant, the Russian daily newspaper that originally broke the arrest news, assert that Ruslan Stoyanov is now being represented by Ivan Pavlov and Evgeny Smirnov of Team 29, a group of human rights attorneys with a history of winning treason cases in Russia. The report also confirms that the arrests did indeed take place in December, despite the Moscow Times’ report.

ThreatConnect and King Servers have not yet responded to a request for comment.

Patrick Howell O'Neill

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.

Latest Podcasts